1. Field
At least one feature relates to secure communications between devices in a communication network and more specifically to collection and sharing of available network communication associations across different layers and applications.
2. Background
Applications, such as electronic mail (email), on either wired or wireless devices in a communication network are currently unaware of the strength of the underlying authentication mechanism that was used to create security associations in the network. As a result, each application manages its own security when communicating with another device. For instance, an application may know that a Transport Layer Security (TLS) or Internet Protocol Security (IPSec) channel exists, but not how the channel was established. The channel may have been established, for example, via Unauthenticated Diffie-Hellman (DH), Pretty Good Privacy (PGP) based authentication, Pre-Shared Key (PSK) based authentication or Public Key Infrastructure (PKI) based authentication, but the application is unaware of the type of authentication used to establish the channel.
In the Open System Interconnection (OSI) layered communications and computer network protocol design, each layer may establish its own secured or unsecured association or channel. For example, a first OSI layer may establish a secured or unsecured communication channel with another device. Similarly, a second OSI layer, for instance, a Media Access Control (MAC) layer, an Internet Protocol (IP) layer, and/or an application layer, may protect communications between two devices using its own secure channel. An application operating on a layer of a device is typically unaware of the security or authentication characteristics of first layer channels or associations and, therefore, has to establish its own secure channel or association.
Even if the application knew of a secure association or channel on another layer, as discussed above, it does not know what type or strength of authentication was used to create the secure association or channel. If the authentication level is not clear, maintaining a minimum level of authentication at each layer is impossible. As a result, an application has to establish its own Internet Protocol (IP) security, i.e., IP layer encryption, even though a first layer communication association or channel is already available and could be employed for the same purpose.
Additionally, even if the application were knowledgeable of the type of authentication used to establish a security association at a first layer, this alone may be insufficient to determine the actual quality of the security association. Although authentication may prove that an entity is who it claims to be, it cannot provide assurance on the reliability or quality of the service available through the entity. Currently, applications looking for such assurance have no means of obtaining it.
In view of the above, a system and method is desirable for providing information on first layer network communication associations to first or second layer applications to facilitate secure communications over the first layer network communication associations, thereby avoiding the establishment of an additional first layer network communication association or the use of a second layer network communication association. The information may include the established network communication associations, the type of authentication used, and the reliability or level of trust of the security association.
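The following is an added illustration, not part of the application text and not an implementation the application discloses: a small cross-layer registry in which each layer records the security associations it holds, the authentication method used to create them and a trust level, so that an application can ask whether an existing association already meets its minimum authentication and trust policy before establishing its own. The ordering of authentication methods by assurance, the layer and protocol names, the trust scale and every sample association are constructed assumptions for the example; an association whose authentication type was never recorded is treated as unknown and can never satisfy a policy, which is the situation the background describes.

```python
"""Cross-layer security association registry (constructed illustration)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Tuple


class AuthType(IntEnum):
    """Authentication methods named in the text, ordered by assumed assurance.

    UNKNOWN models the current situation: the application sees that a channel
    exists but not how it was authenticated. It ranks below every real method,
    so no minimum-authentication policy can be satisfied by it.
    """
    UNKNOWN = -1
    UNAUTHENTICATED_DH = 0   # anonymous key agreement, no peer identity proven
    PSK = 1                  # pre-shared key
    PGP = 2                  # web-of-trust public key
    PKI = 3                  # certificate chained to a trusted authority


@dataclass(frozen=True)
class SecurityAssociation:
    peer: str            # identifier of the remote device (constructed values below)
    layer: str           # owning layer: "mac", "ip", "transport" or "application"
    protocol: str        # e.g. "IPsec" or "TLS"
    auth_type: AuthType  # how the association was authenticated when created
    trust_level: int     # assumed 0..3 reliability rating recorded by the owning layer


class AssociationRegistry:
    """Shared record of associations that layers publish and applications query."""

    def __init__(self) -> None:
        self._sas: List[SecurityAssociation] = []

    def register(self, sa: SecurityAssociation) -> None:
        if not 0 <= sa.trust_level <= 3:
            raise ValueError("trust_level must be within the assumed 0..3 scale")
        self._sas.append(sa)

    def find_reusable(self, peer: str, min_auth: AuthType,
                      min_trust: int) -> Optional[SecurityAssociation]:
        """Best existing association to `peer` meeting both minimums, else None."""
        candidates = [sa for sa in self._sas
                      if sa.peer == peer
                      and sa.auth_type >= min_auth
                      and sa.trust_level >= min_trust]
        if not candidates:
            return None
        # Prefer the strongest authentication, then the highest trust rating.
        return max(candidates, key=lambda sa: (sa.auth_type, sa.trust_level))


def decide_channel(registry: AssociationRegistry, peer: str, min_auth: AuthType,
                   min_trust: int) -> Tuple[str, Optional[SecurityAssociation]]:
    """Application-side decision: reuse a lower-layer association or build its own."""
    sa = registry.find_reusable(peer, min_auth, min_trust)
    if sa is None:
        return ("establish_own", None)
    return ("reuse", sa)


def build_sample_registry() -> AssociationRegistry:
    """Constructed sample: what three layers might have published."""
    reg = AssociationRegistry()
    reg.register(SecurityAssociation("device-A", "ip", "IPsec", AuthType.PSK, 2))
    reg.register(SecurityAssociation("device-A", "transport", "TLS", AuthType.PKI, 3))
    reg.register(SecurityAssociation("device-B", "mac", "link-layer",
                                     AuthType.UNAUTHENTICATED_DH, 1))
    # A channel whose authentication method was never shared with the registry.
    reg.register(SecurityAssociation("device-C", "ip", "IPsec", AuthType.UNKNOWN, 3))
    return reg


if __name__ == "__main__":
    reg = build_sample_registry()
    for peer, auth, trust in [("device-A", AuthType.PKI, 2), ("device-B", AuthType.PSK, 0),
                              ("device-C", AuthType.UNAUTHENTICATED_DH, 0)]:
        action, sa = decide_channel(reg, peer, auth, trust)
        print(peer, action, sa.protocol if sa else "-")
```

The decision function is the point of the example: when every layer publishes the authentication type and trust rating of its associations, an application with a stated minimum can reuse a qualifying lower-layer association and only falls back to establishing its own (the cost described above) when none qualifies or when the association's authentication type is unknown.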